Cyber  Updates












 Is the UK’s Approach to


 Cyber Security Changing?  One of the ways this will hopefully manifest itself

        is by building a culture of information sharing
        between companies. This has been a major
        sticking point in recent years, as companies
 By Matthew Robertson, producer of the UKsec Summit  have been reluctant to hand over information
        regarding breaches they have suffered for fear
 The early 2010s, although just over a decade away, are starting to feel like a lifetime ago, not least   it could damage their reputation or give away
 when we consider the technology we rely on everyday. In 2010, Apple had yet to launch the iPad   crucial company secrets. But sharing information
 and most people in the UK were still using 3G networks. A year later, the UK introduced its Cyber   will ultimately be in everyone’s benefit as we all
 Security Strategy,  face similar threats. Looking to the insurers for
        guidance here could prove helpful, as they have a
        particularly mature culture of information sharing,
 which sought to “promote growth and minimise the economic impact of cyber attacks by working   particularly able to quantify the cost of risk.
 closely with the private sector.” While this may sound familiar to observers of the UK’s current cyber
 security policy, the approach we are now taking is in fact a sharp departure from that of a decade   To be sure, moving in this direction will not be
 ago.   easy, or even pretty. In my own conversations with
        the Steering Committee for our upcoming UKsec
 The “close work” with the private sector described by the 2011 strategy ultimately amounted to little
 more than general guidance. The private sector was largely left to fend for itself, so much so that   Summit, one committee member working for a
 Robert Hannigan, then head of GCHQ, said only four years later that the government had to act to   public body remarked how he has noticed the
 reform the market and make it “work better”. The hands-off approach wasn’t working, and he said   questioning from state representatives regarding
 “we cannot as a country allow this situation to continue”.  his organisation’s security status has recently
        become deeply invasive. This may be the price we
 It took another four years for the government to agree. In June 2019, the Parliamentary Public   have to pay for a more resilient future.
 Accounts Committee concluded that the Government’s previous plans “[did] not represent
 a resilient security strategy.” Its conclusion was alarmingly that the UK remains particularly   Looking forward, it’s clear that cyber security has
        become much more of a focus for the UK than it
 vulnerable to the threat of cyber attacks. Several recommendations were issued as a result,   was 10 years ago. More money is being spent, but
 including a long-term coordinated approach to cyber security, with a properly costed budget to   crucially more of society is being brought onboard
 make sure funds for the programme are suitable for the size of the challenge.  in the fight against cyber threats. Let’s hope in

        another 10 years we’ll be looking back on a period
 The criticisms of the old programme and recommendations for the future seem to have been highly  of success for the UK’s new cyber strategy.
 influential in this year’s National Cyber Strategy, the UK’s plan to protect its interests in cyberspace.
 A      We’ll be delving into the UK’s cyber journey at this
 huge £22 billion budget will be allocated to researching and developing technology to aid cyber   year’s UKsec Cyber Security Summit in London on
 security (up from the £1.9 billion budget of the old plan). By comparison, last year France announced   22-23 November 2022. If you liked this article, you
 it was allocating only €1 billion to French cyber security.  might want to check out our conference agenda.

        The theme of the event this year is entering a
 Perhaps more important than the funding, however, is the different approach of the 2022 strategy.   new stage in UK cyber security. As a thank you for
 The new programme promotes a “whole of society approach” to cyber security. This suggests that   reading, you can use our special discount code
 the view of cyber security as only being within the remit of the IT teams in individual companies is   ‘SECINSTITUTE’ to get a free ticket to the event.
 a thing of the past. It is now the view of the UK Government that society at all levels, from ordinary   Register here: https://uk.cyberseries.io/register/
 people right up to the boards of major companies, should be aware of and working towards the
 country’s security development. The government emphasises that working in partnership is essential
 to success.








 44